| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <33fb4d70-c3e7-4158-9727-3ad29f974246@suse.com> Date: Mon, 15 Sep 2025 16:38:05 +0200 From: Juergen Gross <jgross@...e.com> To: cve@...nel.org, linux-kernel@...r.kernel.org Subject: Re: CVE-2023-53212: xenbus: check xen_domain in xenbus_probe_initcall On 15.09.25 16:21, Greg Kroah-Hartman wrote: > From: Greg Kroah-Hartman <gregkh@...nel.org> > > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > xenbus: check xen_domain in xenbus_probe_initcall > > The same way we already do in xenbus_init. > Fixes the following warning: > > [ 352.175563] Trying to free already-free IRQ 0 > [ 352.177355] WARNING: CPU: 1 PID: 88 at kernel/irq/manage.c:1893 free_irq+0xbf/0x350 > [...] > [ 352.213951] Call Trace: > [ 352.214390] <TASK> > [ 352.214717] ? __warn+0x81/0x170 > [ 352.215436] ? free_irq+0xbf/0x350 > [ 352.215906] ? report_bug+0x10b/0x200 > [ 352.216408] ? prb_read_valid+0x17/0x20 > [ 352.216926] ? handle_bug+0x44/0x80 > [ 352.217409] ? exc_invalid_op+0x13/0x60 > [ 352.217932] ? asm_exc_invalid_op+0x16/0x20 > [ 352.218497] ? free_irq+0xbf/0x350 > [ 352.218979] ? __pfx_xenbus_probe_thread+0x10/0x10 > [ 352.219600] xenbus_probe+0x7a/0x80 > [ 352.221030] xenbus_probe_thread+0x76/0xc0 > > The Linux kernel CVE team has assigned CVE-2023-53212 to this issue. I don't see how an unprivileged user could trigger this problem. Please revoke this CVE. Juergen Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists